We performed a comparison between Qualys Web Application Scanning and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Its most valuable features are patch management, vulnerability management, and PCI compliance."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"The interface is user-friendly and easy to understand."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"It works with many different products."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The Security Labs [is] where I have the developers training and constantly improving their security, and remembering their security techniques. That way, they are more proactive and make sure things are correct. They're faster because they're doing it in the first place."
"It provides security of different Shadow IT activities in our environment, especially around application development and website hosting."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"The source composition analysis had very good reporting."
"The solution is a specialist in SAST that you can rely on. Code scanning is fast with current, updated algorithms."
"It has given our management a view into issues with all of our product lines. We have three products and all of them were scanned. As a result, the project lead for each product has taken measures to improve things."
"We use it to get our scan results and see where our software is vulnerable or not vulnerable."
"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"The support could be faster."
"There should be better visibility into the application."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"The product's pricing could be better."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The product should allow users to upload their payloads."
"They should try to include business logic vulnerabilities in the scanner testing."
"Veracode should include the feature to run multiple scales at a time."
"I would like to see expanded coverage for supporting more platforms, frameworks, and languages."
"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them."
"I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."
"The on-platform reporting needs to be opened up much more. We'd like to be able to look at the inspection data from a trending perspective in a much more open manner. I need to be able to sort and filter much more flexibly than I can today."
"The scanning takes a lot of time to complete."
"Veracode can be slow at times and has room for improvement, which may cause delays in our products and prolonged static scans."
"When Veracode updates the pool of tests and security checks, it could be a little more transparent about what it is releasing. It's not clear what it's adding. They do thousands of checks, and when they add more, there aren't many details about what the new tests are doing."
More Qualys Web Application Scanning Pricing and Cost Advice →
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while Veracode is ranked 2nd in Application Security Tools with 193 reviews. Qualys Web Application Scanning is rated 7.8, while Veracode is rated 8.2. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and GitHub Advanced Security. See our Qualys Web Application Scanning vs. Veracode report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.